Skip to main content
CVE Vulnerability Database
Vulnerability Database/CVE-2025-10887

CVE-2025-10887: Autodesk Shared Components RCE Flaw

CVE-2025-10887 is a remote code execution vulnerability in Autodesk Shared Components caused by memory corruption when parsing malicious MODEL files. This article covers technical details, affected versions, and mitigation.

Published:

CVE-2025-10887 Overview

CVE-2025-10887 is a memory corruption vulnerability affecting multiple Autodesk products that parse MODEL files through shared components. An attacker who convinces a user to open a maliciously crafted MODEL file can trigger memory corruption and execute arbitrary code in the context of the current process. The flaw is classified under [CWE-120] (Buffer Copy without Checking Size of Input) and impacts the Autodesk 2026 product family, including AutoCAD, Revit, Inventor, 3ds Max, and Civil 3D. Exploitation requires local file access and user interaction, but successful attacks yield high impact to confidentiality, integrity, and availability.

Critical Impact

A crafted MODEL file can achieve arbitrary code execution on engineering workstations running Autodesk 2026 products, exposing CAD assets and design data.

Affected Products

  • Autodesk Shared Components and AutoCAD 2026 (including Architecture, Electrical, Map 3D, Mechanical, MEP, Plant 3D variants)
  • Autodesk 3ds Max 2026, Revit 2026, Revit LT 2026, Inventor 2026, Civil 3D 2026
  • Autodesk Advance Steel 2026, InfraWorks 2026, and Vault 2026

Discovery Timeline

  • 2025-12-16 - CVE-2025-10887 published to NVD
  • 2026-06-17 - Last updated in NVD database

Technical Details for CVE-2025-10887

Vulnerability Analysis

The vulnerability resides in the MODEL file parser implemented within Autodesk Shared Components, a library reused across the Autodesk 2026 product portfolio. When the parser processes attacker-controlled fields inside a MODEL file, it fails to validate buffer boundaries before copying data into fixed-size memory regions. This results in memory corruption that an attacker can shape into arbitrary code execution. Because the affected code is shared, a single malicious file can target users across AutoCAD, Revit, Inventor, 3ds Max, and other Autodesk applications. The attack runs with the privileges of the user opening the file, which on engineering workstations often includes access to sensitive intellectual property.

Root Cause

The root cause is improper input validation during MODEL file deserialization, consistent with [CWE-120]. Length or offset fields embedded in the file are trusted without bounds checks, allowing overflow conditions in the parsing routines.

Attack Vector

Exploitation requires an attacker to deliver a crafted MODEL file and convince the victim to open it in a vulnerable Autodesk application. Delivery channels include phishing email attachments, compromised design-sharing portals, supply chain attacks against third-party content libraries, and malicious files hosted on internal collaboration platforms. Once opened, the malicious payload executes within the Autodesk process context, enabling follow-on actions such as credential theft, lateral movement, or ransomware staging.

No public proof-of-concept is currently available. Refer to the Autodesk Security Advisory ADSK-SA-2025-0024 for vendor technical details.

Detection Methods for CVE-2025-10887

Indicators of Compromise

  • Unexpected child processes spawned by acad.exe, revit.exe, inventor.exe, 3dsmax.exe, or other Autodesk binaries
  • MODEL files arriving from untrusted email senders, external file shares, or unverified design repositories
  • Crashes or unexpected termination of Autodesk applications shortly after opening a MODEL file

Detection Strategies

  • Monitor process lineage for Autodesk applications spawning shells (cmd.exe, powershell.exe), scripting hosts, or LOLBins
  • Hunt for MODEL files written to user Downloads, Temp, or email attachment directories followed by Autodesk process activity
  • Deploy YARA or content inspection rules against MODEL files transiting email gateways and file shares

Monitoring Recommendations

  • Enable EDR telemetry on engineering workstations and forward Autodesk process events to a central SIEM for correlation
  • Track outbound network connections originating from Autodesk processes that deviate from licensing or update endpoints
  • Alert on memory protection violations or crash dumps generated by Autodesk binaries, which can indicate exploitation attempts

How to Mitigate CVE-2025-10887

Immediate Actions Required

  • Apply the fixed versions referenced in Autodesk Security Advisory ADSK-SA-2025-0024 across all affected 2026 products
  • Inventory all installations of Autodesk Shared Components and dependent applications to confirm patch coverage
  • Restrict the opening of MODEL files received from external or untrusted sources until patching is verified

Patch Information

Autodesk has released updated builds for the affected 2026 products. Customers should use Autodesk Access to deploy the latest patched versions of AutoCAD, Revit, Inventor, 3ds Max, Civil 3D, and other listed applications. Review the vendor advisory for the specific fixed version numbers per product.

Workarounds

  • Block inbound MODEL file attachments at email gateways where business workflows permit
  • Require validation of MODEL files through an isolated review workstation before opening on production engineering systems
  • Apply application allowlisting to prevent Autodesk processes from launching command interpreters or scripting hosts
bash
# Example: query installed Autodesk products on Windows to verify patch status
wmic product where "Vendor like '%Autodesk%'" get Name,Version

Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.

Default Legacy - Prefooter | Experience the World’s Most Advanced Cybersecurity Platform

Experience the Most Advanced Cybersecurity Platform

See how the world’s most intelligent, autonomous cybersecurity platform can protect your organization today and into the future.